#syz test
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -5978,10 +5978,6 @@ struct mddev *md_alloc(dev_t dev, char *name)
disk->events |= DISK_EVENT_MEDIA_CHANGE;
mddev->gendisk = disk;
- error = add_disk(disk);
- if (error)
- goto out_put_disk;
-
kobject_init(&mddev->kobj, &md_ktype);
error = kobject_add(&mddev->kobj, &disk_to_dev(disk)->kobj, "%s", "md");
if (error) {
@@ -5999,6 +5995,9 @@ struct mddev *md_alloc(dev_t dev, char *name)
kobject_uevent(&mddev->kobj, KOBJ_ADD);
mddev->sysfs_state = sysfs_get_dirent_safe(mddev->kobj.sd, "array_state");
mddev->sysfs_level = sysfs_get_dirent_safe(mddev->kobj.sd, "level");
+ error = add_disk(disk);
+ if (error)
+ goto out_put_disk;
mutex_unlock(&disks_mutex);
return mddev;
--
2.43.0Hello, syzbot has tested the proposed patch and the reproducer did not trigger any issue: Reported-by: syzbot+fa3a12519f0d3fd4ec16@syzkaller.appspotmail.com Tested-by: syzbot+fa3a12519f0d3fd4ec16@syzkaller.appspotmail.com Tested on: commit: 4b290aae Merge tag 'sysctl-6.17-rc1' of git://git.kern.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=10908834580000 kernel config: https://syzkaller.appspot.com/x/.config?x=295b41325f4e1bab dashboard link: https://syzkaller.appspot.com/bug?extid=fa3a12519f0d3fd4ec16 compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 patch: https://syzkaller.appspot.com/x/patch.diff?x=15ac34a2580000 Note: testing is done by a robot and is best-effort only.
Hi,
在 2025/07/30 13:51, Arnaud Lecomte 写道:
> #syz test
>
> --- a/drivers/md/md.c
> +++ b/drivers/md/md.c
> @@ -5978,10 +5978,6 @@ struct mddev *md_alloc(dev_t dev, char *name)
>
> disk->events |= DISK_EVENT_MEDIA_CHANGE;
> mddev->gendisk = disk;
> - error = add_disk(disk);
> - if (error)
> - goto out_put_disk;
> -
> kobject_init(&mddev->kobj, &md_ktype);
> error = kobject_add(&mddev->kobj, &disk_to_dev(disk)->kobj, "%s", "md");
This is wrong, you can't add mddev >kobj under the disk without
kobject_add for the disk kobj.
Thanks,
Kuai
> if (error) {
> @@ -5999,6 +5995,9 @@ struct mddev *md_alloc(dev_t dev, char *name)
> kobject_uevent(&mddev->kobj, KOBJ_ADD);
> mddev->sysfs_state = sysfs_get_dirent_safe(mddev->kobj.sd, "array_state");
> mddev->sysfs_level = sysfs_get_dirent_safe(mddev->kobj.sd, "level");
> + error = add_disk(disk);
> + if (error)
> + goto out_put_disk;
> mutex_unlock(&disks_mutex);
> return mddev;
>
>
On 30/07/2025 07:09, Yu Kuai wrote:
> Hi,
>
> 在 2025/07/30 13:51, Arnaud Lecomte 写道:
>> #syz test
>>
>> --- a/drivers/md/md.c
>> +++ b/drivers/md/md.c
>> @@ -5978,10 +5978,6 @@ struct mddev *md_alloc(dev_t dev, char *name)
>> disk->events |= DISK_EVENT_MEDIA_CHANGE;
>> mddev->gendisk = disk;
>> - error = add_disk(disk);
>> - if (error)
>> - goto out_put_disk;
>> -
>> kobject_init(&mddev->kobj, &md_ktype);
>> error = kobject_add(&mddev->kobj, &disk_to_dev(disk)->kobj,
>> "%s", "md");
>
> This is wrong, you can't add mddev >kobj under the disk without
> kobject_add for the disk kobj.
>
Will dive a bit more into that after work,
Thanks
> Thanks,
> Kuai
>
>> if (error) {
>> @@ -5999,6 +5995,9 @@ struct mddev *md_alloc(dev_t dev, char *name)
>> kobject_uevent(&mddev->kobj, KOBJ_ADD);
>> mddev->sysfs_state = sysfs_get_dirent_safe(mddev->kobj.sd,
>> "array_state");
>> mddev->sysfs_level = sysfs_get_dirent_safe(mddev->kobj.sd,
>> "level");
>> + error = add_disk(disk);
>> + if (error)
>> + goto out_put_disk;
>> mutex_unlock(&disks_mutex);
>> return mddev;
>>
>
© 2016 - 2026 Red Hat, Inc.